Discovered by Damian Zelek -> [03 April 2006]
Published -> [23 June 2006]
Vendor was informed -> [24 April 2006]
Vendors answer -> "We will talk with our Department of Software" :-D
Summary:
GlobeTrotter Mobility Manager is a unique PC software solution that enables fast, simple and easy access to wireless data whilst hiding from the user the complexity of the underlying wireless technologies. GlobeTrotter Mobility Manager seamlessly controls both wireless Internet and fixed line dial-up connections to remote networks with support for 3G, E-GPRS, GPRS/GSM, WLAN/Wi-Fi, ADSL and standard PC modem connections. More info about software:
http://www.option.com/news/detail.cfm?newsitemgroup_id=84
Details:
There's a security issue in the implementation of virtual-keyboard.
As we all know virtual-keyboards should prevent from "keyloggers". In GlobeTrotter Mobility Manager [GTMM] implementation of virtual-keyboard when we "click" on some figure [for example when we are typing our PIN code] we can see effect of "active button", so good keylogger which can makes screenshoots will "sniff" that codes even when there's a virtual-keyboard.
Good virtual-keyboard shouldnt change view/size/depth/color/etc of button when someones is "clicking" on it [it should have "stoned-face"]. That issue/problem was mentioned many times, for example on SecurityFocus [publication, arts].
When I was making tests, my own short-coded keylogger easily "catched" [via screenshoots] all PIN codes that I was typing throught "bad" implementation of virtual-keyboard [in GlobeTrotter implementation of virtual-keyboard when we "click" on button it changes its color + we can see depth-effect]. As soon as it's possible Option Wireless Technology should fix that issue in software. When we have a good implementation of virtual-keyboard, when we click on some button that button doesnt change color/size or other effects of "active button". So even if keylogger is making a good screenshoots we do know nothing about typing password (especially when user likes to "fly-only" [even unintentionally] over many buttons, but click only 4 of them).
Developers should read this: http://www.securityfocus.com/infocus/1829 [section Preventing Keystroke Capture.]
BTW. I didnt published it earlier because I thought that vendor will quickly fix it, but when I saw on the Internet that many "bad programms" are already waiting for GTMM, I decided to inform all of You (especially GTMM users). Beware :-D
PoC screenshoot ::
http://img45.imageshack.us/my.php?image=poc7ik.jpg